Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d841ec13 by Salvatore Bonaccorso at 2026-06-19T21:58:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-56142 (In JetBrains Hub before 2026.1.13757, 
2025.3.148033, 2025.2.1480
 CVE-2026-56141 (In JetBrains Hub before 2026.1.13757, 2025.3.148033, 
2025.2.148048, 20 ...)
        NOT-FOR-US: JetBrains
 CVE-2026-56138 (AIL framework contains a path traversal vulnerability in the 
/objects/ ...)
-       TODO: check
+       NOT-FOR-US: AIL framework
 CVE-2026-53915 (In JetBrains GoLand before 2026.1.3 remote code execution was 
possible ...)
        NOT-FOR-US: JetBrains
 CVE-2026-51846 (In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route 
/goform ...)
@@ -53,11 +53,11 @@ CVE-2026-49872 (Improper Authentication vulnerability in 
Apache APISIX.  When th
 CVE-2026-49871 (Cross-Site Request Forgery (CSRF) vulnerability in the 
cas-auth plugin ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49359 (PhpWeasyPrint is a PHP library allowing PDF generation from a 
URL or a ...)
-       TODO: check
+       NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49358 (PhpWeasyPrint is a PHP library allowing PDF generation from a 
URL or a ...)
-       TODO: check
+       NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49357 (Line Desktop MCP is a project that, while unaffiliated with 
the offici ...)
-       TODO: check
+       NOT-FOR-US: Line Desktop MCP
 CVE-2026-49339 (gonic is a music streaming server / free-software subsonic 
server API  ...)
        TODO: check
 CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides TypeScript 
libraries for K ...)
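
Review bot: The new label on CVE-2026-49359 and CVE-2026-49358 spells the project "php-weasyprint", while the description on the line above it reads "PhpWeasyPrint". Using the spelling from the description, e.g. "NOT-FOR-US: PhpWeasyPrint (not same as src:weasyprint)", would keep label and description matching for anyone searching the list by name. The parenthetical is worth keeping as written, since it records why an entry with "weasyprint" in its name is not tracked against src:weasyprint. The same label is used for CVE-2026-49286 and CVE-2026-49260 in the following hunk, so any respelling should be applied to all four entries together.
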
@@ -65,19 +65,19 @@ CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides 
TypeScript libraries
 CVE-2026-49293 (js-toml is a TOML parser for JavaScript, fully compliant with 
the TOML ...)
        TODO: check
 CVE-2026-49291 (mcp-memory-service is a semantic memory layer for AI 
applications. Pri ...)
-       TODO: check
+       NOT-FOR-US: mcp-memory-service
 CVE-2026-49290 (Slopsmith is a self-contained web application for browsing, 
playing, a ...)
-       TODO: check
+       NOT-FOR-US: Slopsmith
 CVE-2026-49288 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
-       TODO: check
+       NOT-FOR-US: Statamic CMS
 CVE-2026-49287 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
-       TODO: check
+       NOT-FOR-US: Statamic CMS
 CVE-2026-49286 (PhpWeasyPrint is a PHP library allowing PDF generation from a 
URL or a ...)
-       TODO: check
+       NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49271 (libheif is a HEIF and AVIF file format decoder and encoder. 
Prior to v ...)
        TODO: check
 CVE-2026-49260 (PhpWeasyPrint is a PHP library allowing PDF generation from a 
URL or a ...)
-       TODO: check
+       NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49231 (Authentication Bypass by Spoofing vulnerability in opa plugin. 
 An att ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49230 (Improper Validation of Integrity Check Value vulnerability in 
Apache A ...)
@@ -101,7 +101,7 @@ CVE-2026-47339 (Incorrect Authorization vulnerability in 
Apache APISIX.  An atta
 CVE-2026-46461 (Dell Server Hardware Manager, versions prior to 3.2.2, 
contains an Imp ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-44939 (A command injection vulnerability in the Rancher Manager 
cluster befor ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2026-44915 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in A ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44087 (Insufficient Verification of Data Authenticity vulnerability 
in Apache ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d841ec13bb8f058e3c0864116694a188838c6d00
